lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <xa0k3sv3p02ddrw6w5vvgu1y.1404398425380@email.android.com>
Date: Thu, 3 Jul 2014 14:40:17 +0000
From: Victor Aguilar <Victor.Aguilar@...tcon.es>
To: Reindl Harald <h.reindl@...lounge.net>, "fulldisclosure@...lists.org"
	<fulldisclosure@...lists.org>
Subject: Re: [FD] AV scan on read vs write debate....



 Reindl Harald <h.reindl@...lounge.net> wrote:


Am 01.07.2014 20:26, schrieb Joe Brown:
> A compromise might be to have scan on Write only, with a forced full system scan of all files at a certain time.
> For example at lunch time.

bad idea

> 1. You don't have an all the time performance hit

if i scan my full system it takes 8 hours

> 2. Files will be checked on a daily/weekly basis

daily is not doable -> see above
weekly is not enough

typically AV signatures are a few hours behind new malware, so it
helps at least if you download something now and don't open the
payload directly after download, maybe in a ZIP only specific
files are affected

the same applies for ZIP's you got from a person you know
which has a infected machine per email, while receive the
mail your signatures maybe not recent enough, in the time
between receive and open files you may get updates

> Negatives are that these files may sit on the device while waiting for the next scheduled scan.

>
> On Mon, Jun 30, 2014 at 2:45 AM, Yoann Gini <yoann.gini@...il.com <mailto:yoann.gini@...il.com>> wrote:
>
>
>     Le 30 juin 2014 à 01:48, Reindl Harald <h.reindl@...lounge.net <mailto:h.reindl@...lounge.net>> a écrit :
>
>     > but if you are talk with Apple "the OS is secure" priests
>     > forget it, they are learning resistent
>
>     This is not true anymore. Any Apple representative wont tell you that nowadays. Even more, Apple has a small
>     antivirus builtin in the system. But signatures based, focused on major OS X threats. No heuristics, no
>     detection of windows malwares.
>
>     Le 30 juin 2014 à 01:38, Exibar <exibar@...lair.com <mailto:exibar@...lair.com>> a écrit :
>
>     > they claim they have a huge performance
>     > improvement with scan on read turned off...
>
>
>     This is also true. Sadly. I work only on Apple products (and I use antivirus), I never seen a good product who
>     don’t slow down the computer as shit.
>
>     From a sys admin perspective, Antivirus editors don’t take the Mac seriously, their product are slow and
>     sometime published with too much bug inside. That don’t help Mac users to have any trust in it…


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ